Legal documents
Cookie Policy
Last updated: July 2, 2026
This is an informative English translation. The legally binding version is the Romanian original, which prevails in case of any discrepancy.
In short
We use strictly necessary cookies for authentication and security (always on) and, with your explicit consent, anonymous analytics cookies via PostHog EU (hosted in the European Union, no advertising profiling, no sharing with ad networks). No Google Analytics, no Facebook Pixel, we do not sell data.
What is a cookie
A cookie is a small text file saved by the browser when you visit a site. It lets the site “remember” you between pages (e.g. to keep you logged in). Cookies can be from the site you are visiting (first-party) or from other domains (third-party — typically used for tracking).
Under European law (the ePrivacy Directive + GDPR + Law 506/2004 art. 4 in Romania), sites are allowed to use strictly necessary cookies without consent, but must inform you. For everything else (analytics, marketing) you need explicit consent.
The cookies we use
| Name | Purpose | Duration | Type |
|---|---|---|---|
| florova.session_token | Keeps you authenticated after login | 7 days (30 with “remember me”) | Strictly necessary |
| florova.dont_remember | Remembers the “don’t keep me logged in” preference at signin | Session | Strictly necessary |
| florova.pin_ok | Keeps the panel unlocked after you enter your PIN (only if you have enabled the PIN) | Session (sliding, ~5 min of inactivity) | Strictly necessary |
| florova-locale | Remembers the chosen language (Romanian / English) | 1 year | Functional |
| ph_* | PostHog EU — anonymous analytics (page views, feature usage). Set only if you accepted the “Analytics” category. | 1 year | Analytics (optional) |
Strictly necessary cookies are exempt from consent under ePrivacy art. 5(3) — without them the app does not work (you cannot log in).
Analytics + diagnostics — PostHog EU + Sentry (optional)
If you grant consent for the “Analytics” category, we use PostHog EU to understand how the app is used and which features are useful. PostHog EU is hosted in Frankfurt (Germany) — your data does NOT leave the European Union.
What we send:
- Pages visited (URL without sensitive parameters)
- Usage events (e.g. “created a sale”, “opened a report”)
- The user ID only if you are logged in (
person_profiles: "identified_only") — so we can contact active users for feedback, NOT for advertising
What we do NOT send:
- Your clients’ personal data (names, phone numbers, addresses)
- Financial data (prices, sales, amounts)
- Passwords, tokens, secrets
- Tiptap / site builder content
Diagnostics on error (Sentry). Also with this consent, if the app encounters an error while you are using it (only in the admin panel, after authentication), our diagnostic tool records the steps that led to the error so we can fix it. The recording is fully masked — all text, filled-in fields and images are hidden. Without consent, it does not arm at all. Technical error stack traces (without screen recording) may be collected even without consent, on the basis of legitimate interest for security (see the Privacy Policy).
What we do NOT use
- Google Analytics, Mixpanel, Amplitude or other analytics tracking
- Facebook Pixel, Meta Ads, TikTok Pixel
- Hotjar, FullStory or other tools that continuously record sessions. (On an app error, only if you accepted the “Analytics” category, our diagnostic tool — Sentry — may record, masked, the steps that led to the error. Without consent nothing is recorded — see the section above.)
- Third-party advertising
- Profiling or significant automated decisions
Local storage (sessionStorage / localStorage)
In addition to cookies, the app uses sessionStorage and localStorage — in-browser storage technologies similar to cookies — exclusively for interface preferences, never for your business data:
- The theme preference (light / dark / system) and the chosen language — in
localStorage - Your cookie consent choice (in
localStorage, not a cookie) - Display preferences: table sorting and filters, dashboard columns, sidebar open/closed, unsaved form drafts — among others
- Dismissal of informational banners (so they don’t reappear in the same tab)
- Stock notifications already shown (per tab, so they don’t repeat)
- Temporary diagnostic buffer on error (Sentry) — only if you accepted “Analytics”; fully masked and cleared when the tab is closed
Your business data (products, sales, clients) is saved directly in the cloud database (servers in the European Union), for any account — it does not stay in the browser.
Change your preferences
You can withdraw consent for analytics cookies at any time. By pressing the button below, we will delete the saved preferences and the consent banner will reappear on the next page → you can decide again.
How you can control cookies
Questions?
Write to us at contact@albertoiacob.ro. See also the Privacy Policy.